In our last article, we discussed five important slip-ups that a lot of people commit when using WordPress. In this week’s post, we are going to talk about five more important points, which are related to themes, plugins and their combination.

Themes and plugins are like our appearance and abilities. Compared to the human body, the WordPress core is our heart – it makes us “alive”. Themes are our appearance – how we look. Plugins are our abilities – our skills – both physical and mental.

Thankfully, when it comes to WordPress, we can switch between themes and plugins – “appearances” and “abilities” – with the click of a button. (Would be awesome in real life, wouldn’t it? Oh wait, do we have cyborgs?) But switching themes too often and installing too many plugins can have an adverse effect. Let’s take a look at each of them:

6. Installing Too Many Plugins

In our last article, we talked about how the YARRP plugin can cause server resource overuse, which can lead to the suspension of your shared hosting account. A similar problem takes place when you install and activate a lot of unnecessary plugins – ones which you rarely use.

It is important to realize the difference between an installed plugin and an activated plugin. All plugins have two states – activated and deactivated.

By default, when you install a plugin (irrespective of the method of installation – FTP upload or via the plugin manager), the plugin remains deactivated. You have to manually activate the plugin for it to work.

The second state is the active state, where the plugin is active and functioning in your WordPress site.

The adverse effects begin to arise when you have multiple active plugins. There are two main problems that can arise:

Inter-plugin and plugin-theme conflicts – A particular plugin (or theme) may not work due to some restriction imposed by another plugin (or theme). Let me introduce you to a programming concept called mutual exclusion. One plugin (or theme) might hold on to a particular resource (for an indefinite amount of time) and not let others use that resource. If another plugin wants to access the resource, it can’t – because it’s previously blocked. Thus, the new plugin wouldn’t work.

Buggy plugins – There is a plethora of plugins available in the WordPress repository. Anyone can contribute to it – a novice programmer, or an expert with a decade of programming experience. The difference lies in the quality of code, where the latter would undoubtedly excel. Therefore, we should avoid plugins with a low download count. If we do use one, we should make sure to test it in an experimental setup.

Solution:

Stick to reputed and popular themes and plugins

Use the required number of plugins (try to keep it as low as possible)

Deactivate unused plugins

Avoid downloading plugins that aren’t available in the WordPress repository

Check for plugin compatibility with your current WordPress version

Perform a full backup before installing a plugin with major functionality

Try to create an experimental setup of your WordPress site, and install plugins in it

Some of you may ask – Is it okay to install as many plugins as we want, and activate the ones that are strictly necessary? The answer to this excellent question would be – to your surprise – no! Here’s why:

Certain plugins, for example – WordPress SEO plugin by Yoast, require a certain amount of bookkeeping. The various SEO parameters, custom settings, etc. All of this information is stored in your WordPress database.

Most plugins create new field entries in your WordPress database, the moment you activate them. When you install too many of these plugins, it unnecessarily bloats the database size. Later, even if you deactivate the plugin – the newly created fields in the WordPress database would still continue to exist. So just be sure to put a bit of thought into which plugins you’re activating.

7. Frequent Theme Changes

Themes are the attire of the WordPress site. Some feature-rich themes like the Total WordPress theme can be used in a thousand different projects – each with a unique layout. A clean, well-organized theme will do wonders for your conversion rate.

It’s a common practice among novice bloggers (or site owners) to keep jumping from one theme to another. When it comes to WordPress, the temptation is just too much! You have thousands of beautifully crafted free themes – at your fingertips!

Naturally, new WordPress users won’t be satisfied with the theme they’ve installed and would tend to switch themes – in search of the perfect one. I remember the number of themes I switched while constructing my first blog – 27!

Here’s one piece of advice I wish I took:

There’s no such thing as the perfect theme!

Now let’s explore the “why” part.

The Technical Part

Just like plugins, certain feature-rich themes include additional properties such as custom settings, up-votes, ratings, etc. Storing these settings would require the creation of new tables or fields in your WordPress database. Similar to the plugins case, when you install too many themes, the same effect is carried forward. You ultimately end up having a cluttered database, with an increased query response time.

The Psychological Aspect

When someone visits your site, an image is automatically registered in his mind. If the quality of content and design is good, you earn one point in the visitor’s mind. When the same person visits your site again (at another time and sees the same design), his memory will be refreshed. You will then have scored two reputation points in his mind. This is how you establish your site’s reputation.

Now consider the alternative. Suppose you kept on changing your theme. If the visitor sees a completely different design on his second visit, his memory isn’t refreshed. Your previous impression is lost and a new impression is created. All your previously accumulated impression points are lost.

The Brand Factor

Finally, there’s the branding aspect. Every site or business must strive to establish their brand. Once you’ve established a brand name for your company, there’s no limit to your success. Take Elegant Themes for example. Their social sharing plugin – Monarch, got a tremendous response from the online community – right from the day of its launch. We must try to keep a single theme associated with our site/brand.

8. Installing WordPress In A Subfolder Called ‘wordpress’

Many WordPress auto installers like Softaculous install WordPress any way you prefer. Some folks think, “Since I’m installing WordPress, I should install it in a proper (named) folder.” No! That’s not right!

If you intend to run your site using only one CMS (WordPress), then you should always install it in the base directory – i.e. without using any subfolder. Think about it: www.wpexplorer.com looks way more professional than www.wpexplorer.com/wordpress.

The only time you would create a different folder for a new WordPress installation is when you’re using a different CMS for your business portfolio and WordPress for the blog. Even in that case, a folder named ‘blog’ sounds much better than ‘wordpress’.

9. Using ‘admin’ As A Username

During the WordPress installation, the default username is admin. You must ensure that you use a different username. Leaving the username as the default ‘admin’ is a serious WordPress security loophole, taking into account the recent brute-force attack on over half the WordPress sites.

When you have ‘admin’ as the username, it gives hackers a free pass. Half their job (i.e. guessing the correct username) is done. All they need to do is use a series of brute-force attacks to guess your password. Once done, they infiltrate your site, steal your clients’ email addresses and payment logs, and basically destroy what you’ve spent so long building. If you already have admin as a username – don’t worry, I’ve made a tutorial specifically for this purpose – How to Delete the WordPress ‘admin’ Username.

10. Using Weak Passwords

This may seem like a silly point. But practically speaking, people still use a lot of vulnerable passwords. If they had used strong passwords, then Twitter would not have published a list of 370 banned passwords. A strong password should always contain the following types of characters:

Uppercase

Lowercase

Numbers

Special Characters

I get it – it is impractical to remember crazy passwords like 6efH&9sD2!LP. As a solution, we can use a free online password manager tool like LastPass, which has extensions for almost all web browsers, mobile operating systems, and a standalone Mac app. The principle is simple – you store all your complex passwords in this tool and have to remember only one password to access it.
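The rule above can be checked and satisfied mechanically. This added example (not from the original article) rejects passwords that are on a banned list, contain the username, or lack one of the four character types, and generates a random password that passes. The banned list is a small constructed stand-in, and the 12-character minimum is an assumption taken from the length of the sample password above.

```python
import secrets
import string

# Constructed stand-in for a banned-password list; a real one is far longer.
BANNED = {"password", "123456", "qwerty", "letmein", "admin"}

# The four character types listed in the article.
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "number": string.digits,
    "special": string.punctuation,
}

def password_problems(password, username="", min_length=12):
    """Return the reasons a password fails the policy (empty list means acceptable)."""
    problems = []
    if password.lower() in BANNED:
        problems.append("on banned list")
    if username and username.lower() in password.lower():
        problems.append("contains username")
    if len(password) < min_length:  # min_length is an assumption, not from the article
        problems.append(f"shorter than {min_length}")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name} character")
    return problems

def generate_password(length=16):
    """Draw from the OS CSPRNG until all four character types are present."""
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not password_problems(candidate, min_length=length):
            return candidate

if __name__ == "__main__":
    print(password_problems("admin", username="admin"))
    print(generate_password())
```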

Conclusion

Next week, we will discuss a couple of slightly advanced security aspects in WordPress and some general advice on using free and pirated themes and plugins.

6 Comments

Hi Sourav
Installing lots of plugins is not a problem at all. The problem always lies in how these plugins are coded and how they interact with the rest of the system: if they use JavaScript or standalone CSS, how they load these two, and how many database calls they make to produce a particular solution. Thus, according to me, having lots of plugins is not a problem at all. After all, WordPress is designed this way.

Hi Sourav
Thank you for this great blog post. I like how ‘bodacious’ your post picture looks, very clear.
Both posts were a great reminder.
How do I achieve your kind of bio and social media buttons below your page? It’s simple and unique.
Oyekan from Nigeria

I use the free (with paid option) plugin Wordfence to help secure my site. It warns me when plugins need updating and when people try to login – which is depressingly often. I can block people even trying to login with admin, which as you say, no-one should ever use.